From mboxrd@z Thu Jan 1 00:00:00 1970 From: Arindam Haldar Date: Fri, 04 Jan 2002 05:48:15 +0000 Subject: Re: [LARTC] iptables mark & iproute related ! Message-Id: List-Id: References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org hi, Stef Coene wrote: > On Thursday 03 January 2002 15:17, Arindam Haldar wrote: >>hi >>i did those test & as i said in my last mail there is trafic passing thru >>ir bytes counter r increasing but the tc command doesnt show any >>restircition. seem like marked pkts r not going thru the iproute >> > Sorry, you wrote to encrypted for me to understand everything ;-) > If I understand correctly, everything works if you use CBQ & SFQ, but the fw > filter is not working like it should be ? YES !!! .. UR ABSOLUTELY RIGHT !!!! :-) > >>any suggestions ?? >> > Can you post the scripts you are using so I can try them myself ? > > Stef > THIS IS MY TRUNCATED SCRIPT(MARK RELATED) ! iptables -A INPUT -i eth4 -s 192.168.1.1 -j ACCEPT iptables -A FORWARD -o eth0 -s 192.168.1.1 -j ACCEPT iptables -A PREROUTING -t nat -i eth4 -p 6 --dport 80 -j REDIRECT --to-port 3128 iptables -A PREROUTING -t mangle -i eth4 -s 192.168.1.1 -d a.b.c.d -j MARK --set-mark 55 iptables -A PREROUTING -t mangle -i eth4 -s 192.168.1.1 -d ! a.b.c.d -j MARK --set-mark 51 iptables -A POSTROUTING -t mangle -o eth0 -s 192.168.1.1 -j MASQUERADE iptables -A PREROUTING -t nat -i eth0 -d 192.168.1.1 -s a.b.c.d -j MARK --set-mark 56 iptables -A PREROUTING -t mangle -i eth0 -d 192.168.1.1 -s ! a.b.c.d -j MARK --set-mark 52 ###--32kbps for x-LAN tc class add dev eth4 parent 5:1 classid 5:191 est 2sec 10sec cbq bandwidth 512Kbit rate 32Kbit allot 5\1514 weight 3.2Kbit prio 2 maxbrust 5 avpkt 1500 bounded tc qdisc add dev eth4 parent 5:191 sfq perturb 10 tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 51 fw flowid 5:191 tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 52 fw flowid 5:191 ###--128 for LAN tc class add dev eth4 parent 5:1 classid 5:192 est 2sec 10sec cbq bandwidth 512Kbit rate 128Kbit allot 5\1514 weight 3.2Kbit prio 2 maxbrust 5 avpkt 1500 bounded tc qdisc add dev eth4 parent 5:192 sfq perturb 10 tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 55 fw flowid 5:192 tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 56 fw flowid 5:192 similar for eth0 too !! thanx in anticipation arindam haldar _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/